Privacy Policy
Last Updated: November 28, 2025
1. Information We Collect
We DO NOT collect:
- Your files (encrypted before upload)
- Your passwords (never leave your browser)
- Personal information (name, email, etc.)
- User accounts or profiles
- Cookies or tracking data
We DO collect:
- File metadata: filename, file size, expiration time
- Technical logs: Timestamps, file IDs (partial, for troubleshooting only)
- Usage metrics: API request counts (no personal data)
Note: IP addresses are not stored in our database. Server logs may temporarily contain IP addresses for security purposes but are deleted after 7 days.
2. How We Use Your Information
The minimal data we collect is used solely for:
- Delivering the file sharing service
- Preventing abuse and security threats
- Technical troubleshooting
- Service improvement
3. Zero-Knowledge Architecture
rcrypt uses zero-knowledge encryption:
- Files are encrypted in your browser using AES-256-GCM
- Encryption happens before files leave your device
- We store only encrypted data that we cannot decrypt
- Your password never leaves your browser
- We cannot access your files even if compelled by law
4. Data Retention
All data is automatically deleted:
- Files: Deleted after your selected expiration time (1, 6, or 24 hours) or after first download (if one-time download is enabled)
- Metadata: Deleted at the same time as files automatically
- Logs: Retained for 7 days for security and troubleshooting purposes
5. Data Storage
Your encrypted files are stored on:
- Secure cloud infrastructure in the United States
- Encrypted at rest and in transit
- Access restricted to service operations only
- Geographically redundant storage
6. Third-Party Services
We use the following third-party services:
- Cloud Infrastructure: For secure storage, computing, and content delivery
We do NOT use:
- Google Analytics or similar tracking services
- Advertising networks
- Social media tracking
- Third-party cookies
7. Analytics
We use self-hosted Umami Analytics to understand how our service is used and improve user experience. Umami is a privacy-focused, open-source analytics platform.
What we collect through analytics:
- Page views and visit duration
- Referrer (where you came from)
- Country (not city or precise location)
- Browser and device type
- Operating system
What we DON'T collect:
- Personal information or identifiers
- IP addresses (hashed immediately and not stored)
- Cookies or persistent identifiers
- Cross-site tracking data
- Individual user behavior
Analytics data storage:
- Hosted on our own servers (not shared with third parties)
- Retained for 12 months for trend analysis
- Aggregated and anonymized
- GDPR and CCPA compliant
Opting out: You can opt out by enabling "Do Not Track" in your browser settings, or by using browser extensions that block analytics scripts.
8. Your Rights
Under GDPR and CCPA, you have the right to:
- Access: Request what data we have (minimal metadata only)
- Deletion: Files auto-delete within 24 hours
- Portability: Download your files anytime before expiration
- Opt-out: Simply don't use the service
9. Security Measures
We implement industry-standard security:
- AES-256-GCM encryption (military-grade)
- HTTPS/TLS for all connections
- Rate limiting to prevent abuse
- Audit logging (no PII)
- Regular security updates
10. Children's Privacy
rcrypt does not knowingly collect information from children under 13. The service is intended for general audiences. No age verification is required as we collect no personal information.
11. International Users
rcrypt is operated from the United States. By using the service, you consent to the transfer of data to the US. We comply with GDPR for EU users and CCPA for California residents.
12. Changes to This Policy
We may update this privacy policy. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the service constitutes acceptance of changes.
13. Contact
For privacy questions or concerns, contact us at:
Email: soorena@pm.me